Lync Edge Server External Private Certificate

Hey GURUS!
Please help me out:
I'm having issues accessing Lync from external network.
Mobile clients login fine, but computer clients fail to login.
My current deployment consists in a single 2013 front-end and a single 2013 edge server.
All servers have certificates from my internal CA.
All servers have the root CA certificate installed in the trusted root certificate authority.
I have 2 sip domains, and the edge certificate has both sip domains.
However, when I test from test connectivity.microsoft.com, I get an error regarding the certificate chain.
I can't understand why lync requires a intermediate certificate, if I don't have any published in my organisation.
The certificate path goes: Root CA -> Certificate.
Also, the lync discover test runs with no errors what so ever.
This error on the edge didn't occur when I had lync 2010 running.
Does anyone know how to solve this?
Thanks!
Andrey Santana
edit: i forgot to upload the screenshot

Thiago,
The certificates from the Front End / Reverse Proxy are also from the internal CA and I don't get the error, it actually runs successfully.
Andrey
How did you test the certificates from the Front End and Reverse Proxy Server?
The public website connectivity.microsoft.com need a public certificate.
But if you use private certificate in lab, it could work as long as you install the Root CA certificate on client computer.
Lisa Zheng
TechNet Community Support

Similar Messages

  • Lync Edge Server 2013 Certificate Issue seems unresolvable

    I've implemented a single internal Standard Edition Front End server with a single consolidated Edge server and Reverse Proxy server/appliance located in a perimeter network.
    On the internal IP of the Edge server I use a certificate form a internal CA ( which is trusted by the edge server), the "internal" certificate issued by the internal Ca is used only between the edge server and the frontend server. An external certificate
    with cn sip.ipabo.nl and alt.subj sip.ipabo.nl and webconf.ipabo.nl. from Globalsign is used on the external IP’s . Services have their own ip adresses and are natted by a router. Ive tested that all ports can be reached from the internet. But still no connection
    possible from external clients. The ms. connectivity analyser says: "The The certificate couldn't be validated because SSL negotiation wasn't successful". Connections from mobile clients through reverse proxy are no problem also internal clients
    have no issue ( they both don’t use the edge but proxy ). So i assume there's someting wrong with the certificate implementation on the Edge server, however ive tested it with the RUCT from Curtis Johnstone, and the certificate seems to be OK. Also in the
    Lync Server Deployment Wizard the certificates seem to be OK. In the computers personal certificate store the are only the two necessary certificates ( internal and external) also intermediate certificates are installed. Routing ( default gateway on external
    interface ) is working fine. So I think I'm out of options, any ideas? 
    Tnx, 
    Guido

    Please check the DNS records for sip.ipabo.nl and webconf.ipabo.nl are created on external DNS server.
    Please check you can telnet Lync Edge Access service FQDN on 443 port.
    Check the automatic configuration for remote access is configured correctly or you can try to sign in manually.
    Follow the steps in blog blow to test your Edge Server:
    http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx
    Lisa Zheng
    TechNet Community Support

  • Lync Edge Server Certificate Issue

    I've implemented a single internal Standard Edition
    Front End server with a single consolidated Edge server and Reverse Proxy server/appliance located in a perimeter network.
    On the internal IP of the Edge server I use a certificate form a internal CA ( which is trusted by the edge server), the "internal" certificate issued by the internal Ca is used only between the edge server and the frontend server. An external certificate
    with cn sip.ipabo.nl and alt.subj sip.ipabo.nl and webconf.ipabo.nl. from Globalsign is used on the external IP’s . Services have their own ip adresses and are natted by a router. Ive tested that all ports can be reached from the internet. But still no connection
    possible from external clients. The ms. connectivity analyser says: "The The certificate couldn't be validated because SSL negotiation wasn't successful". Connections from mobile clients through reverse proxy are no problem also internal clients
    have no issue ( they both don’t use the edge but proxy ). So i assume there's someting wrong with the certificate implementation on the Edge server, however ive tested it with the RUCT from Curtis Johnstone, and the certificate seems to be OK. Also in the
    Lync Server Deployment Wizard the certificates seem to be OK. In the computers personal certificate store the are only the two necessary certificates ( internal and external) also intermediate certificates are installed. Routing ( default gateway on external
    interface ) is working fine. So I think I'm out of options, any ideas? 
    Tnx, 
    Guido

    Ok I found It:
    It was a simple setting in the Control panel, or in the management shell:
    In Set-Accessedgeconfiguration
    AllowOutsideUsers was set to False. this should be true.
    I found it by Using OCSlogging on the Edgeserver, looking at SIP.
    So I don't understand how all the certificate and server unavailable warnings make any sense. 
    The next issue will be exchange integration :)
    Thanks for your help everybody

  • Wildcard Certifikate - Edge server/External web

    Hello,
    In our company we have deployed Lync 2013 CU4 with topology,
    Edge server - One for all roles a/v
    Front End - Standard with all roles
    All certs are form our internal CA, and it works for my domain users. But for all external users or skype we need external cert. We have one wildcard cert for our domain.
    So question is can we user wildcard cert for our Edge server, and exteranal serwis of front end.
    Front end i think can use that is on tech net: http://technet.microsoft.com/en-us/library/gg398094.aspx

    Good morning,
    Using a wildcard certificate on Lync Edge server is not supported, and indeed will cause you problems.
    It also sounds like you are passing your Lync web services directly to your front end server. This is not recommended, and you should use a reverse proxy for this purpose. You would then place an external (public) certificate on that reverse proxy. So there's
    no need for a public cert on the front end in this scenario.
    You may consolidate the certificate requirements for reverse proxy and Edge onto a single multi-san certificate, and use that same certificate on both servers.
    OR
    If you use two separate certificates then it is supported to use a wildcard public certificate on the reverse proxy (web services), but your Edge certificate must be a separate multi-san certificate.
    Kind regards
    Ben
    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems or queries.
    For Fun: Gecko-Studio | For Work:
    Nexus Open Systems

  • Problems with SNOM 7XX phones and presence of Lync Edge server

    Hi to all,
    we have this problem, this is the scenario (two Lync 2013 st ed. servers):
    - lync 2013 FE server have internal IP address 172.21.212.XXX with internal gateway 172.21.212.254
    - lync 2013 edge server have two network interface:
    First INTERFACE: 3 IPs in 172.21.30.XXX (Access, web and A/V Edge) for external connection with 172.21.30.254 and internal gateway (IP NAT with public IP)
    Second INTERFACE: IP 172.21.212.XXX for internal connection without gateway
    - snom 7XX (50 phones) are connect to the lync server and all internal call works fine. All phones are in an internal dedicated network 172.21.218.XXX with default gateway 172.21.218.254
    - when making external call with 7XX SNOM phones, the call was routed to Trunk COLT with Lync Mediation server and all works fine.
    - when Lync Mediation server receive a call from our trunk COLT we have this situation:
    All Lync 2013 clients work fine, audio is OK, (network 172.21.216.XXX)
    Polycom CX3000 work fine audio is OK (network 172.21.218.XXX)
    SNOM 710, 720, 760  FW 8.8.2.16 UC series,  phones ring but NO SOUNDS from the phones and after a few seconds "Call failed due to network issues."
    The only way to solve the problem is to disable the connection with Lync Edge server (remove gateway 172.21.30.254)
    BUT this is not the solution because now we have no connection with INTERNET (skype, web conferencing doesen't work without edge gateway)
    Why SNOM phones try to use the EDGE gateway to connect the call? Why doesn't use Lync Mediation server?
    Can you help us to find a solution?
    Thanks
    Aurelio

    Hi,
    Thanks to all for yours support.
    Today, we have done some test (no employee in office today
    J) and we have solved the problems.
    The old implementation have had this configuration:
    - the phone numbers have had a no E.164 format compliant: for all users number, the phone number have had this format TEL:012345XYZW ; EXT=XYZW with the normalization
    rules:
    Starting digits: 01234567
    Length: At least 8 digits
    Digit to remove: 0
    Digit to add: nothing
    Pattern to match ^(01234567\d*)$
    All worked fine with this previous configuration:
    Lync 2010 std with only mediation server function + Lync 2013 std front-end with all the others functions and Lync 2013 std Edge server for external connection with
    Lync client Skype world, BUT we have had disabled in SNOM phones ICE function because if ICE was enabled no voice can we hear from the phones.
    After dismissed Lync 2010 with only a Lync 2013 infrastructure, this configuration don’t permit to use edge server because with ICE enabled or disabled no voice from
    SNOM phones.
    Today we have done this operation:
    Setting in Lync 2013 control panel all number for all users, in E.164 format compliant:
    The phone number now have this format TEL:+39012345XYZW ; EXT=XYZW and we have deleted the previous normalization roles.
    We have added this role for the EXT numbers:
    Name: Routing Interno
    Starting Digits: XY
    Length: Exactly 4 (i.e. XYZW)
    Digit to remove 0
    Digit to add: +39012345
    Pattern to match: ^(XY\d(2))$
    Translation rule: +39012345$1
    Internal extension = checked
    And now all work fine.
    We have solved another problem:
    Lync client 2013 can't find new users:
    all new Lync users are not discovered from Lync 2013 client, probably because this setting is present with Lync 2010:
    PS C:\> Get-CsAddressBookConfiguration
    Identity                  
    : Global
    RunTimeOfDay              
    : 1:30 AM
    KeepDuration              
    : 30
    SynchronizePollingInterval : 00:00:30
    MaxDeltaFileSizePercentage : 20
    UseNormalizationRules     
    : True
    IgnoreGenericRules        
    : False
    EnableFileGeneration      
    : True
    With only Lync 2013 servers we have changed
    IgnoreGenericRules to True
    To set UseNormalizationRules and IgnoreGenericRules to true for Lynk 2013 infrastructure.
    http://technet.microsoft.com/en-us/library/jj205160.aspx
    For us all the problems are SOLVED!
    Aurelio

  • Lync Edge Server 2013 Setup

    Hi,
    I am planning to deploy 1 Lync Edge Server but the problem is we only have one public IP address. This will be deployed on a Hyper-V VM with 2 NICS installed. All tutorials I have read pertains on having 3 public IP address. The purpose is only to try Skype
    federation. Our Front Edge currently works well internally. Is there any way I can deploy an Edge Server with only one Public IP?
    Thanks,
    -Ed-

    Hi Ed,
    Although it is best practice to use 3 public IPs for your Edge deployment, you can indeed use just a single public IP - this is a completely supported configuration.
    The reason for using 3 public IPs is so that all three Edge services (Access, AV, Conf) can all use port 443 without any conflict. If you choose to use a single IP like you suggest, then naturally these three services can't all use 443. 
    When you are deploying your new Edge server and configuring it in the Topology Builder, there will come a point where it will ask you if you want to use a single IP for all services. If you choose to do so, you will see that it will automatically change
    the Edge services to use varying ports (5061,443,444) instead of all on 443.
    Deployment of your Edge will allow external clients to sign in. However, keep in mind that external access and functionality is two part, and the deployment of a reverse proxy is required to allow mobile client sign-in and a vast array of other features
    including;
    • Allows external users to download meeting content for your meetings.
    • Allows external users to expand distribution groups.
    • Allows remote users to download files from the Address Book service.
    • Allows access via the Lync Web App client.
    • Provides access to the Dial-in Conferencing Settings webpage.
    • Provides access to the Location Information service.
    • Provides external devices access to the Device Update web service.
    • Enables Lync mobile applications to discover and use the mobility URLs
    • Allows Lync 2013 clients to leverage Lync Discover URLs
    Importantly, your Reverse Proxy will also need a public IP. 
    In short, you can gain limited external connectivity with a single public IP, but if you want a FULL external feature set you will need 2 public IPs at the very least.
    You cannot collocate the reverse proxy with the Edge, or use the same IP for both.
    Hope that helps.
    Kind regards
    Ben

  • LYNC EDGE Server NIC Card Setup

    Hello Guys,
    I need Your help about setting up the NIC on my EDGE server. I already gone through the article about Set Up Network Interfaces for Edge Servers. as I understand there
    are 2 NIC required on each EDGE server (1 Internal facing 7 another 1 is External facing).  I just wanted to confirm is there any option to do this with only 1 NIC card or can we configure EDGE with 1 NIC only.?
    Thanks in Advance.
    Rishi Aggarwal
    Regards Rishi Aggarwal

    Possible?  Yes, I do this on occasion against recommendations and best practices for companies who simply can't or won't set up a second DMZ (please don't split the NICs between your internal network and DMZ, it's just bad security).  Everything
    mostly seems to work just fine.  But, recommended and supported? No.
    Here's an article from David Paulino who's also been through it:
    http://uclobby.com/2014/04/17/lync-edge-server-on-a-single-subnet/
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Lync Edge Server required for Sykpe Federation

    I have a very simple and quick question I hope some people can help a newbie to Lync 2013 with. 
    Basically we have just installed as a trial the Lync 2013 Standard edition on a server for use of IM and Persistent chat only. We are not worried about the VOIP stuff. All is working great and everything so far is installed on one server.  
    I have been asked by management to add the ability to add Skype contacts. So I know I have to enroll for PIC and setup a Skype external access federation which is fine.
    My question is though... can I install the "Lync 2013 Edge Server" role on the same server as my Front End Lync Server? I really dont want to pay for another Windows license to have a Lync Edge Server in my DMZ.
    I am looking for some advice on why I wouldnt want to do this and if I can actually do this type of setup? The end result for me would be to have all Lync installation on one server. We only have around 50 users so not massive...
    Thanks in advance everyone!  

    Hi,
    You need the aditional server for federation with Skype (PIC). You can't  install FE and Edge on the same server.
    David

  • Lync edge server for site with 2500 users

    Dear All,
    I have a question with regards to the implementation of lync edge server deployment.
    One of our client having lync deployment with 4000 users in a central site with 3 FE EE and  edge pool with 2 Edge servers, there are planning for a new site with 2500 users.
    what will be the best method for the site implementation , shall we deploy a SE Fe server and all the external communication through the Central site Edge server?
    or is it required to have a separate pool for site?
    please help me 

    Agree with the others.  So, there's two questions, "what will be the best method for the site implementation?" and "is it required to have a separate pool for site?".
    The best method I'd suggest is use Enterprise Edition Lync so you can perform pool pairing for resiliency, and have a local edge pool as the others suggested.  You have enough users to support this, and with growth you might want to be able to scale
    up anyway.
    Is it required? Not at all.  You can send them all through the central site edge server, it's possible and fully supported.    It's up to you, but I'd suggest the separate pool.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Outbound Calls stop working when Lync Edge server is offline

    All,
    We have had an issue inside our environment after one of our virtual hosts died and took out our sole Edge server, basically users could not dial out and were getting the error "Network is busy" on the client. Internal dialling worked perfectly to our Lync
    users but the users could not dial out via our Cisco CME server.
    Our configuration is a Lync Enterprise Pool with 2 servers, DB cluster and a single Lync edge server, the mediation servers are installed on our enterprise pool servers as a single server and the CME is looking at the mediation servers directly and has nothing
    pointing at the edge server.
    This issue affected internal users (as the external users were all kicked out due to the server being down), the strange thing was that you got errors in snooper about the server being unavailable when you dialled out, no idea why it did this. Even stranger
    was that the call itself was sent to the CME as a debug SIP showed traffic being attempted between the user and the number which confused me even more as my mobile actually rang for a single ring as well.
    Has anybody got any ideas as to why the Edge server would do this to internal users?
    Thanks
    James

    Lync checks the bandwith policy against the Edge server. As the Edge is not responding Lync is unable to check the policy and the call fails.
    For the time being you may want to remove the Edge from the topology, then Lync checks against the Front End server.
    I hope you do understand, that this is not a great solution, but a drastic workaround suggestion to a hidden product defect! In hidden product defect I mean Microsoft Lync document team is cynically silent and trying to cover the tracks of this product defect.
    What I would consider as a straight and honest retroactive action for the Lync document team, to add a big warning section to a) single server edge deployment page + b) the Call Admission Control caveats page on Technet:
    "Warning: PRODUCT DEFECT / PRODUCT LIMITATION comes here
    If you associate an edge server or pool to a FE pool, and enable Call Admission Control, your single / pool edge will become SINGLE POINT OF FAILURE for your entire enterprise telephony when doing outbound call attempts!
    So if outbound calls is important in your company (hell, of course it is!) then deploy at least 2x Edge servers in the same pool before enable CAC!"
    But I think that warning message is way too much to ask for, thatswhy is this 2,5 years old topic still open.

  • Deploy Lync Edge Server.

    Hi, 
    We have a Lync 2013 Server. We're plan to deploy a Lync Edge Server. I just read some articles about the depoyment. I'm wondering why Lync Edge Server cannot be installed on a server with one NIC. We've 1 firewall, configured with a interface  in the
    LAN subnet and a interface configured in the DMZ subet. I want to install the Lync Edge Server with one NIC configured in the DMZ subnet and route all the internal traffic trought the firewall. But none of the articles recommend this scenario. Why not?   

    Hi,
    You're Lync 2013 Edge server requires two network interfaces, each residing on a different subnet - this part isn't debatable and is required in order to be a supported deployment (much less have it actually work). However its not uncommon to come across
    your scenario.
    As you only have a single firewall, your two options are;
    1.) External interface of the Edge server in the existing DMZ subnet, and Internal interface of the edge server directly on the LAN. (this is the least preferred option of all scenarios, but is a supported topology)
    2.) External interface of the Edge server in the existing DMZ subnet, and then create a second DMZ subnet to put the internal interface of the Edge server in. You would have to create an interface on your existing firewall in this subnet as well, essentially
    routing traffic back to the same firewall hardware but via a different subnet. This is commonly referred to as a 'three-legged' firewall. From there the traffic can go to the LAN. This is also supported, and is more preferred than option one
    The optimal solution, and the one you have probably seen in diagrams is to have back to back firewalls creating a true DMZ with the Edge server sat in between, The external interface of the edge server is on the same subnet as the internal facing adaptor
    on the outer firewall, and the internal interface of the edge server is on the same subnet as the external facing adaptor of the inner firewall. This is the preferred solution, but not achievable in your current setup without the introduction of additional
    components.
    Of the two options applicable to you (1and2), option 2 is preferred. Both are considered less secure than option 3 from a security perspective as there is only a single firewall to breach, where as option three has layered security.
    This is a very common scenario for smaller organisations - feel free to ask any further questions.
    Kind regards
    Ben
    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems or queries.
    For Fun: Gecko-Studio | For Work:
    Nexus Open Systems

  • Lync Edge Server Service Not Starting

    i am having an issue with starting the "Lync Server Audio/Video Edge" service on my lync edge server. when i try to start the service it throws the following error..
    "The Lync server audio/video edge service on local computer started and than stopped. some services stop automatically if they are not in use by other services or programs."
    than in the event viewer logs there are 2 specific errors i can see that look like the following..
    what is stopping me from fixing this right away is that i havent changed anything in my configuration, seems to have broke on its own. i can post more errors i have found in other places as well if needed. any help is greatly appreciated

    hey sean, thanks for your response. all things point to something else using port 443 right now.. however from what i can see from a netstat command it doesnt look like anything new is running on it. here is a copy/paste of my most recent netstat command..
    Active Connections
      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       756
      TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       2804
      TCP    0.0.0.0:4443           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       468
      TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       844
      TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       896
      TCP    0.0.0.0:49338          0.0.0.0:0              LISTENING       1400
      TCP    0.0.0.0:56483          0.0.0.0:0              LISTENING       572
      TCP    0.0.0.0:56966          0.0.0.0:0              LISTENING       564
      TCP    0.0.0.0:56967          0.0.0.0:0              LISTENING       2824
      TCP    192.100.100.84:139     0.0.0.0:0              LISTENING       4
      TCP    192.100.100.84:444     0.0.0.0:0              LISTENING       1768
      TCP    192.100.100.84:5061    0.0.0.0:0              LISTENING       1908
      TCP    192.100.100.84:5061    68.34.170.246:52296    CLOSE_WAIT      1908
      TCP    192.100.100.84:5061    68.34.170.246:52297    CLOSE_WAIT      1908
      TCP    192.100.100.84:5061    68.34.170.246:53570    CLOSE_WAIT      1908
      TCP    192.100.100.85:5061    0.0.0.0:0              LISTENING       1908
      TCP    192.100.100.85:5062    0.0.0.0:0              LISTENING       1844
      TCP    192.100.100.85:5062    192.100.100.83:53701   ESTABLISHED     1844
      TCP    192.100.100.85:5062    192.100.100.83:53967   ESTABLISHED     1844
      TCP    192.100.100.85:8057    0.0.0.0:0              LISTENING       1768
      TCP    192.100.100.85:8057    192.100.100.83:56612   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56617   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56618   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56619   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56620   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56628   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56629   ESTABLISHED     1768
      TCP    192.100.100.85:8057    192.100.100.83:56670   ESTABLISHED     1768
      TCP    192.100.100.85:57577   192.100.100.146:5357   TIME_WAIT       0
      TCP    192.100.100.85:57579   192.100.100.175:5357   TIME_WAIT       0
      TCP    192.100.100.85:57583   192.100.100.159:5357   TIME_WAIT       0
      TCP    192.100.100.85:57584   192.100.100.147:5357   TIME_WAIT       0
      TCP    192.100.100.85:57585   192.100.100.242:3911   TIME_WAIT       0
      TCP    [::]:80                [::]:0                 LISTENING      
    4
      TCP    [::]:135               [::]:0                 LISTENING      
    756
      TCP    [::]:443               [::]:0                 LISTENING      
    4
      TCP    [::]:445               [::]:0                 LISTENING      
    4
      TCP    [::]:3389              [::]:0                 LISTENING      
    2804
      TCP    [::]:4443              [::]:0                 LISTENING      
    4
      TCP    [::]:47001             [::]:0                 LISTENING      
    4
      TCP    [::]:49152             [::]:0                 LISTENING      
    468
      TCP    [::]:49153             [::]:0                 LISTENING      
    844
      TCP    [::]:49154             [::]:0                 LISTENING      
    896
      TCP    [::]:49338             [::]:0                 LISTENING      
    1400
      TCP    [::]:56483             [::]:0                 LISTENING      
    572
      TCP    [::]:56966             [::]:0                 LISTENING      
    564
      TCP    [::]:56967             [::]:0                 LISTENING      
    2824
      TCP    [2002:c064:6454::c064:6454]:4443  [2002:c064:6453::c064:6453]:54033  ESTABLISHED     4
      TCP    [2002:c064:6454::c064:6454]:57581  [2002:c064:64ab::c064:64ab]:445  ESTABLISHED     4
      TCP    [2002:c064:6454::c064:6454]:59957  [2002:c064:640c::c064:640c]:445  ESTABLISHED     4
      UDP    0.0.0.0:123            *:*                                   
    948
      UDP    0.0.0.0:500            *:*                                   
    896
      UDP    0.0.0.0:1434           *:*                                   
    1976
      UDP    0.0.0.0:4500           *:*                                   
    896
      UDP    0.0.0.0:5355           *:*                                   
    140
      UDP    127.0.0.1:51664        *:*                                   
    1172
      UDP    127.0.0.1:56155        *:*                                   
    2924
      UDP    127.0.0.1:59005        *:*                                   
    964
      UDP    127.0.0.1:62503        *:*                                   
    1680
      UDP    127.0.0.1:62786        *:*                                   
    572
      UDP    127.0.0.1:62788        *:*                                   
    140
      UDP    127.0.0.1:64531        *:*                                   
    896
      UDP    127.0.0.1:65160        *:*                                   
    1844
      UDP    192.100.100.84:137     *:*                                   
    4
      UDP    192.100.100.84:138     *:*                                   
    4
      UDP    [::]:123               *:*                                   
    948
      UDP    [::]:500               *:*                                   
    896
      UDP    [::]:1434              *:*                                   
    1976
      UDP    [::]:4500              *:*                                   
    896
      UDP    [::]:5355              *:*                                   
    140

  • Any reason not to put Lync Edge server on the same server that runs Web Application Proxy?

    We're currently running Lync 2010 standard server, without an edge server or reverse proxy.  I'm working on migrating to lync 2013 standard server, and would like to add the edge functionality in the process.  I have a Server 2012R2 in the dmz,
    with the web application proxy role installed.  I plan to use that to publish the lync web services.  Is there any reason I shouldn't install the lync edge server on the same computer? 

    It just won't work well as everything will want to bind to port 443 (the reverse proxy and the edge services as well).  On top of all that, it's just not supported.  A new virtual server will save you hours upon hours of frustration and leave you
    with a supported configuration. 
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Can't assign certificate in Lync Edge Server

    Hello, everyone
    I've installed Lync Server, internally it works fine, but while i'm deploying edge server, i have a certificate problem. On request assign certificate step, I've issued by online certificate authority, after request i see following error:
    The certificate has been issued by the online certification authority and is installed to the local certificate store, however it is not valid. Make sure that the Root certificate, and necessary certificate chain is installed on this server.
    I've downloaded root certificate from CA and imported to trusted root certificate of edge server. I think root certificate is valid, because non domain members which imported root certificate, sign in Lync successfully.
    I also sent offline certificate request (http://technet.microsoft.com/en-us/library/gg412750.aspx), importing certificate was successful. But  there are no certificates in assign
    certificate wizard. I checked personal certificates using mmc, there were certificates i have requested.
    How can I solve this problem? Please help me!
    Regards and thanks for any help :)
    Enkhee

    Hi,
    You need to access htt://CAserver/certsrv to download the certificate chain in the edge server. Open MMC and install the Certificate chain with the following steps(To import the CA certification chain for the internal interface ):
    http://technet.microsoft.com/en-us/library/gg412750.aspx
    Check whether the Certificate chain is installed successfully in the
    Trusted Root Certification Authorities.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Edge 2013 External Wildcard Certificate

    Hi,
    I know this has been covered a number of times but I'd like something that's been posted more recently.
    We use Lync 2013 with a wildcard certificate on our edge external interface.  Everything works as expected and that's on version 5.0.8308.556
    I've recently deployed Lync 2013 at a customer site and when applying the certificate I'm unable to sign on externally or contact federated partners.  They're running 5.0.8308.577
    When testing from Lync connectivity tester I get the following:
    Attempting to resolve the host name blah.co.uk in DNS.
    The host name resolved successfully.
    Additional Details
    Testing TCP port 443 on host blah.co.uk to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
    Additional Details
    Elapsed Time: 758 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server blah.co.uk on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Validating the certificate name.
    The certificate name was validated successfully.
    Additional Details
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.blah.co.uk, OU=Domain Control Validated.
    One or more certificate chains were constructed successfully.
    Additional Details
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
    Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 4 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
    Additional Details
    The certificate is valid. NotBefore = 10/25/2013 2:46:03 PM, NotAfter = 10/25/2016 1:42:28 PM
    Elapsed Time: 0 ms.
    Testing remote connectivity for user [email protected] to the Microsoft Lync server.
    Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
     <label for="testSelectWizard_ctl12_ctl06_ctl03_tmmArrow">Tell
    me more about this issue and how to resolve it</label>
    Additional Details
    Couldn't sign in. Error: Error Message: Unknown error (0x80131500).
    Error Type: TlsFailureException.
    Elapsed Time: 1649 ms.
    Any help would be much appreciated!
    Thanks

    Hi,
    Wildcard certificate doesn’t support for Edge server (both external and internal interface). It is supported to use a public certificate for Edge external interface, for Edge internal interface typically use a private certificate issued by an internal certification
    authority.
    More details about certificate requirements for external user access:
    http://technet.microsoft.com/en-us/library/gg398920.aspx
    You can refer to the link below of “Wildcard Certificate Support”:
    http://technet.microsoft.com/en-us/library/hh202161.aspx
    Here is a similar case my help you:
    http://social.technet.microsoft.com/Forums/lync/en-US/6bd237eb-2e96-437b-b559-54cf95230417/lync-server-2013-edge-unknown-error-0x80131500-tlsfailureexception?forum=lyncdeploy
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

Maybe you are looking for

  • Short dump while displaying cube data in production

    Hi Folks, I'm getting a short dump while displaying cube data in production, please suggest Thanks and Regards Santhosh

  • Preventing empty rows in address formats

    Hallo everyone! I'd like to know if there is a method to prevent SBO2005A from printing empty rows in the address fields when for instance there is missing county in BP addresses like this: I have defined an address format that goes Block County Stre

  • ListFiles in Applet but on the server-site

    Hi, does anyone knows how to get a list of files in Applet which are in folder on the server, where the applet is stored? Thank you KarFil

  • HP EVA6000 with Oracle Databases

    Hi Everybody, Does anybody work with HP EVA6000 and Oracle Databases on RHEL? We have the following situation (everything is 64bits): 1) Oracle 9i Database 9.2.0.7 on RHEL4 U2 using 4 local disks RAID 0 (15000rpm each). With the following results: -

  • Reload an infocube from an ODS with erroneous information

    Hi: I have an Infocube that is update from an ODS. My problem consists in the R/3 system from LO, they put an invalid string. It pass without a problem from R/3 to the ODS. But when it makes the request to load the infocube it displays red light beca